Forum Discussion

Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Mar 18, 2012

Random Number Generator

Hi Folks,     i'm looking for a secure way to generate random and non-predicable 256bit values for session cookies. I pretty much understand the basics of RNG and already know that the irule "ra...
security
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Apr 30, 2012
Hi Folks,

 

 

I’ve finished my work and uploaded the FORMS/BASIC authentication engine for review.

 

 

ftp://ftp.itacs.de/Pre-Auth.zip

 

 

The uploaded ZIP file contains a Full-DEBUG version of the engine and is not meant to run in production environments (not yet!). I’ll upload an optimized version (e.g. without DEBUG code and some additional code optimizations) at a later time…

 

 

To get the engine up and running your need to configure at least two virtual servers and you need to import the external data group and to configure the authentication trampoline…

 

 

0.)The provided iRule depends on V11. ACA and APM modules are not required to run this engine…

 

 

1.)Virtual Server for Exchange CAS access

 

a.VS Bridging: HTTPS:443-to-HTTPS:443

 

b.Pool: Exchange CAS Server with BASIC authentication enabled

 

c.iRules: Attach the provided engine (the order of the different iRules doesn’t matter since the events are already prioritized)

 

 

2.)Virtual Server for Sideband authentication access

 

a.VS Bridging: HTTP:81-to-HTTPS:443

 

b.Pool: Use the Exchange CAS Server or a dedicated authentication pool (the name of the pool must match the configured sideband repository name specified in the RULE_INIT section)

 

c.iRules: none

 

 

3.)External data group

 

a.Import the provided external data group and name it “FBAFiles”

 

 

4.)Authentication Trampoline configuration

 

a.Create a new Folder on the root web site (e.g. ..\Auth_Tramp\)

 

b.Place a *.txt file (e.g. validate.txt) in the created folder and put the receive string (e.g. AUTH) into it.

 

c.Enable BASIC authentication for the trampoline and tweak the ACL’s as necessary. Specify the BASIC default domain name if you like to.

 

d.The VS and HOST name, URI and Receive String must match the values specified in the RULE_INIT section

 

 

I’m really looking forward to hear your honest opinions. If you have TCL coding tips, installation / functionality questions and general concerns or wishes, then let me know! You could either reply here in the forums or write me an email to [ kw AT itacs DOT de]… :)

 

 

-Kai